Navegação estrutural

Monetary Authority of Singapore Guidance

To safeguard sensitive customer data and comply with MAS’s TRM guidelines, organizations need to apply consistent, robust, and granular controls. With the Vormetric Data Security Platform from Thales e-Security, customers can leverage the flexible integration, comprehensive capabilities, and centralized policy and key management they need to efficiently address these guidelines throughout their organization.

The TRM contains statements of industry best practices that financial institutions conducting business in Singapore are expected to adopt. The MAS makes clear that, while the TRM requirements are not legally binding, they will be a benchmark the MAS uses in assessing the risk of financial institutions.

Guideline Descriptions

8.4.4 The FI should encrypt backup tapes and disks, including USB disks, containing sensitive or confidential information before they are transported offsite for storage.

9.1.6 Confidential information stored on IT systems, servers and databases should be encrypted and protected through strong access controls, bearing in mind the principle of “least privilege”.

11.0.1.c Access control principle – The FI should only grant access rights and system privileges based on job responsibility and the necessity to have them to fulfill one's duties. The FI should check that no person by virtue of rank or position should have any intrinsic right to access confidential data, applications, system resources or facilities.

11.1.1 The FI should only grant user access to IT systems and networks on a need-to-use basis and within the period when the access is required. The FI should ensure that the resource owner duly authorises and approves all requests to access IT resources.

11.2 Privileged Access Management.

11.2.3.d. Grant privileged access on a “need-to-have” basis.

11.2.3.e. Maintain audit logging of system activities performed by privileged users.

11.2.3.f. Disallow privileged users from accessing systems logs in which their activities are being captured.

Vormetric Security Intelligence can deliver granular file access logs to popular security information and event management (SIEM) systems and be used to support audits.

Thales e-Security HSMs

Hardware Security Modules (HSMs) from Thales e-Security provide a hardened, tamper-resistant environment for secure cryptographic processing, key protection, and key management. With these devices organizations can deploy high assurance security solutions that satisfy widely established and emerging standards of due care for cryptographic systems and practices—while also maintaining high operational efficiency.

The TRM Guidelines are statements of industry best practices which financial institutions (FI) are expected to adopt, and although they are not legally binding, the degree of observance with the spirit of the TRM Guidelines by a FI will be taken into account by MAS in its risk assessment of the FI. These guidelines hold for any FI that is doing business in Singapore.

According to the legend of Willie Sutton, the oft-misquoted bandit robbed banks because ‘that’s where the money is’. Thus it’s no surprise that the U.S. financial industry is among those that are most heavily targeted by cyber attacks, and like the broader global economy, has been subject to numerous and well-publicized data threats.

Vormetric is our standard. Whenever an encryption solution is needed, the answer is always, ‘let’s start with Vormetric.Damian McDonaldVice President of Global Information Security, Becton, Dickinson and Company

There is absolutely no noticeable impact on the performance or usability of applications. I am very excited at how easy the solution is to deploy and it has always performed flawlessly.Christian MuusDirector of Security for Teleperformance EMEA

Implementing Vormetric has given our own clients an added level of confidence in the relationship they have with us; they know we’re serious about taking care of their data.Audley Deansenior director of Information Security,BMC Software

Vormetric’s approach of coupling access control with encryption is a very powerful combination. We use it to demonstrate to clients our commitment to preserving the security and integrity of their test cases, data and designs.David VargasInformation Security ArchitectCadence Design Systems

My concern with encryption was the overhead on user and application performance. With Vormetric, people have no idea it’s even running.Karl MudraCIODelta Dental of Missouri

The Vormetric solution not only solved all of our encryption needs but alleviated any fears of the complexity and overhead of managing the environment once it was in place.Joseph Johnson,chief information security officer CHS

As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We… Joe Majka,Chief Security Officer

Thales provided the expertise needed to design and implement a tailored, secure VoIP solutionThe Thales team helped us to develop and implement a process that protects our customers’ calls and our company from counterfeiting.Marek Dutkiewicz,Director of Product Management